Formalizing and appling compliance patterns for business process compliance

Software & Systems Modeling - 2016
Amal Elgammal1, Oktay Türetken2, Willem‐Jan van den Heuvel3, Michael P. Papazoglou3
1Governance, Risk Management and Compliance Technology Centre (GRCTC), University College Cork, Cork, Ireland
2School of Industrial Engineering, Eindhoven University of Technology, 5600 MB , Eindhoven, Netherlands
3European Research Institute in Service Science (ERISS), Tilburg University, 5000 LE , Tilburg, Netherlands

Tóm tắt

Từ khóa


Tài liệu tham khảo

SOX: Sarbanes-Oxley Act of 2002. In: Congress, U.S. (ed.), (2002)

Bank for International Settlements: Basel III: International framework for liquidity risk measurement, standards and monitoring (2010)

Accutiy. Visualising trends in anti-money laundering compliance. http://www.accuity.com/industry-updates/free-resources/trends-in-aml-compliance-infographic/ . Accessed 28 Nov 2013

Ernst & Young: The Top 10 Risks For Business. The Ernst & Young Business Risk Report (2010)

Hartman, T.: The Cost of Being Public in the ERA of Sarbanes-Oxley. Foley & Lardner LLP (2006)

Goedertier, S., Vanthienen, J.: Designing compliant business processes with obligations and permissions. In: International Business Process Management Workshops (BPM), Austria, pp. 5–14 (2006)

Sadiq, S., Governatori, G., Naimiri, K.: Modeling control objectives for business process compliance. In: Business Process Management-BPM’09 Proceedings, pp. 149–164 (2007)

Holzmann, G.: The model checker SPIN. IEEE Trans. Softw. Eng. 23, 279–295 (1997)

Ly, L.T., Rinderle-Ma, S., Göser, K., Dadam, P.: On enabling integrated process compliance with semantic constraints in process management systems. Inf. Syst. Front. 14(2), 195–219 (2012)

Halle, S., Villemaire, R., Cherkaoui, O.: Specifying and validating data-aware temporal web service properties. IEEE Trans. Softw. Eng. 35, 669–683 (2009)

Giblin, C., Liu, A., Muller, S., Pfitzmann, B., Zhou, X.: Regulations expressed as logical models. In: 18th International Annual Conference of Legal Knowledge and Information Systems, Belgium, pp. 37–48 (2005)

Eshuis, R.: Symbolic model checking of UML activity diagrams. ACM Trans. Softw. Eng. Methodol. 15, 1–38 (2006)

Wang, H.J., Leon Zhao, J.: Constraint-centric workflow change analytics. Decis. Support Syst. 51, 562–575 (2011)

Abouzaid, F., Mullins, J.: A calculus for generation, verification, and refinement of BPEL specifications. Electron. Notes Theor. Comput. Sci. (ENTCS) 200, 43–65 (2008)

Awad, A., Gore, R., Thomson, J., Weidlich, M.: An iterative approach for business process template synthesis from compliance rules. In: 23rd International Conference on Advanced Information Systems, Engineering, pp. 406–421 (2011)

Yu, J., Han, Y., Han, J., Jin, Y., Falcarin, P., Morisio, M.: Synthesizing service composition models on the basis of temporal business rules. J. Comput. Sci. Technol. 23, 885–894 (2008)

Liu, Y., Muller, S., Xu, K.: A static compliance-checking framework for business process models. IBM Syst. J. 46, 335–361 (2007)

Awad, A., Weidlich, M., Weske, M.: Specification, verification and explanation of violation for data aware compliance rules. In: 7th International Conference on Service Oriented Computing (ICSOC- Service Wave’09), vol. 5900, pp. 500–515. Springer, Berlin (2009)

Geist, D.: The PSL/sugar specification language: a language for all seasons. In: The Correct Hardware Design and Verification Methods Conference, pp. 21–24 (2003)

Khaluf, L., Gerth, C., Engels, G.: Pattern-based modeling and formalizing of business process quality constraints. In: CAiSE’11, pp. 521–535 (2011)

Yu, J., Manh, T., Han, J., Jin, Y.: Pattern based property specification and verification for service composition. In: K.A. et al. (eds) WISE 2006, LNCS-4255, pp. 156–168. Springer, Berlin (2006)

Dwyer, M., Avrunin, G., Corbett, J.: Property specification patterns for finite-state verification. In: 2nd International Workshop on Formal Methods on Software, Practice, pp. 7–15 (1998)

Pelliccione, P., Inverardi, P., Muccini, H.: CHARMY: a framework for designing and verifying architectural specifications. IEEE Trans. Softw. Eng. 35, 325–346 (2009)

Ramezani, E., Fahland, D., van der Aalst, W.: Where did i misbehave? Diagnostic information in compliance checking. In: 10th International Conference on Business Process Management (BPM), pp. 262–278. Springer, Berlin (2012)

Accorsi, R., Sato, Y.: Automated certification for compliant cloud-based business processes. Bus. Inf. Syst. Eng. (BISE) 3, 145–154 (2011)

Accorsi, R., Lehmann, A.: Automatic information flow analysis of business process models. In: 10th International Conference on Business Process Management (BPM), pp. 172–187. Springer, Berlin (2012)

Pesic, M., Schonenberg, H., van der Aalst, W.M.P.: DECLARE: full support for loosely-structured processes. In: EDOC’07, pp. 287–300 (2007)

Pesic, M., van der Aalst, W.: A declarative approach for flexible business processes management. In: BPM’06 Workshops (2006)

Konrad, S., Cheng, B.: Real-time specification patterns. In: International Conference on Software Engineering (ICSE’05), USA, pp. 15–21 (2005)

Giblin, C., Muller, S., Pfitzmann, B.: From Regulatory Policies to Event Monitoring Rules. Zurich Research Laboratory, Zurich (2006)

Gruhn, V., Laue, R.: Specification patterns for time-related properties. In: 12th Int’l Symposium on Temporal Representation and Reasoning, pp. 198–191 (2005)

Wolter, C., Schaad, A.: Modeling of task-based authorization constraints in BPMN. In: Business Process Management (BPM 2007), pp. 64–79. Springer, Berlin (2007)

Ahn, G., Sandhu, R., Kang, M., Park., J.: Injecting RBAC to secure a web-based workflow system. In: RBAC ’00, pp. 1–10 (2000)

Governatori, G., Milosevic, Z., Sadiq, S.: Compliance checking between business processes and business contracts. In: 10th International Enterprise Distributed Object Computing Conference (EDOC 2006), pp. 221–232 (2006)

Governatori, G., Rotolo, A.: Justice delayed is justice denied: logics for a temporal account of reparations and legal compliance. In: Computational Logic in Multi-Agent Systems, vol. 6814, pp. 364–382 (2011)

Thomas, F.: Constructing legal arguments with rules in the legal knowledge interchange format (LKIF). In: Computable Models of the Law, Languages, Dialogues, Games, Ontologies, vol. 4884, pp. 162–184 (2008)

Palmirani, M., Governatori, G., Contissa, G.: Modelling temporal legal rules. In: International Conference on Artificial Intelligence and Law, pp. 131–135 (2011)

Governatori, G., Olivieri, F., Scannapieco, S., Cristani, M.: Designing for compliance: norms and goals. In: 5th International Conference on Rule-Based Modeling and Computing on the Semantic Web, pp. 282–297 (2011)

Governatori, G., Rotolo, A.: Bio logical agents: norms, beliefs, intentions in defeasible logic. J. Auton. Agents Multi Agent Syst. 17, 36–69 (2008)

Markovic, I., Pereira, A.C., Stojanovic, N.: A framework for querying in business process modelling. International Multikonferenz Wirtschaftsinformatik, Germany, pp. 1703–1714 (2008)

Beeri, C., Eyal, A., Kamenkovich., S.: Querying business processes. In: 32nd International VLDB Conference, Korea, pp. 343–354 (2006)

Kühne, S., Kern, H., Gruhn, V., Laue, R.: Business process modeling with continuous validation. J. Softw. Evol. Process 22, 547–566 (2010)

Delfmann, P., Herwig, S., Lis, L., Stein, A., Tent, K., Becker, J.: Pattern specification and matching in conceptual models: a generic approach based on set operations. Enterp. Modell. Inf. Syst. Arch. 5, 24–43 (2010)

Awad, A.: BPMN-Q: A language to query business processes. In: 2nd International Workshop on Enterprise Modelling and Information Systems Architectures: Concepts and Applications (EMISA), Germany, pp. 115–128 (2007)

Elgammal, A., Turetken, O., van den Heuvel, W., Papazoglou, M.: Towards a comprehensive design-time compliance management: a roadmap. In: 15 International Business Information Management Conference (15th IBIMA), Egypt, pp. 1480–1484 (2010)

Fu, X., Bultan, T., Su, J.: Analysis of Interacting BPEL Web Services. World Wide Web (WWW), pp. 621–630. ACM Press, USA (2004)

Fu, X., Bultan, T., Su, J.: WSAT: a tool for formal analysis of web services. In: 16th International Conference on Computer Aided Verification, USA, pp. 510–514 (2004)

Turetken, O., Elgammal, A., van den Heuvel, W.J., Papazoglou, M.: Enforcing compliance on business processes through the use of patterns. In: 19th European Conference on Information Systems (ECIS 2011), Finland (2011)

Turetken, O., Elgammal, A., van den Heuvel, W., Papazoglou, M.: Capturing compliance requirements: a pattern-based approach. IEEE Softw. 29, 28–36 (2012)

COSO: Internal Control: Integrated Framework. The Committee of Sponsoring Organizations of the Treadway Commission (1994)

Elgammal, A., Turetken, O., van den Heuvel, W., Papazoglou, M.: Root-cause analysis of design-time compliance violations on the basis of property patterns. In: 8th International Conference on Service-Oriented Computing (ICSOC’10), USA, pp. 17–31 (2010)

Elgammal, A., Turetken, O., van den Heuvel, W.: Using patterns for the analysis and resolution of compliance violations. Int. J. Coop. Inf. Syst. 21, 31–54 (2012)

COMPAS Project, Deliverable 2.1: State-of-the-Art in the Field of Compliance Languages (2008)

IFRS: International Financial Reporting Standards. International Accounting Standards Board (2001)

FINRA: The Financial Industry Regulatory Authority, “FINRA Manual” (2008)

COBIT: Control Objectives for Information and related Technology: COBIT, 4.1. IT Governance Institute (2007)

OCEG: GRC Capability Model, Ver 2.0. Open Compliance and Ethics Group (2009)

Elgammal, A., Turetken, O., van den Heuvel, W., Papazoglou, M.: On the formal specification of regulatory compliance: a comparative analysis. In: International Performance Assessment and Auditing in Service Computing Workshop, ICSOC’10 workshops, USA (2010)

Elgammal, A., Turetken, O., van den Heuvel, W., Papazoglou, M.: On the formal specification of business contracts and regulatory compliance. In: 4th Workshop on Formal Languages and Analysis of Contract-Oriented Software, EPTCS, Pisa, Italy. pp. 33–36 (2010)

Elgammal, A.: Towards a comprehensive framework for business process compliance. Ph.D. Dissertation. Information Management Department, Tilburg University, Tilburg University Press, pp. 284 (April 2012)

Pnueli, A.: The temporal logic of programs. In: 18th IEEE Symposium on Foundations of Computer, Science, pp. 46–57 (1977)

Armoni, R., Fix, L., Flaisher, A., Gerth, R., Ginsburg, B., Kanza, T., Landver, A., Mador-Haim, S., Singerman, E., Tiemeyer, A., Vardi, M., Zbar, Y.: The ForSpec temporal logic: a new temporal property-specification language. Lecture Notes In Computer Science, vol. 2280 (2002)

Alur, R., Henzinger, T.: Real-time logics: complexity and expressiveness. Inf. Comput. 104, 35–77 (1993)

Baral, C., Zhoa, J.: Non-monotonic temporal logics for goal specifications. In: 20th International Intelligence Conference on Artificial Intelligence (IJCAI-07), India, pp. 236–242 (2007)

Hevner, A., March, S., Park, J., Ram, S.: Design science in information systems research. MIS Q. 28, 75–105 (2004)

Sebahi, S.: Business process compliance monitoring: a view based approach. Laboratoire d’InfoRmatique en Image et Systèmes d’information (LIRIS), Ph.D. University Lyon 1, Lyon (2012)

OMG: Semantics Of Business Vocabulary And Business Rules (SBVR), Version 1.0. (2008)

Abi-Lahoud, E., Butler, T., Chapin, D., Hall, J.: Interpreting regulations in SBVR. In: RuleML (2013)

Thông tin
Thông tin xuất bản

Software & Systems Modeling

Thông tin tác giả